I’m waiting to see if Ron or any other PMC members wanted to review this before 
I close the vote and continue with the release.
--
Matt Sicker

> On Dec 29, 2021, at 11:42, Matt Sicker <boa...@gmail.com> wrote:
> 
> My +1
> --
> Matt Sicker
> 
>> On Dec 29, 2021, at 10:35, Carter Kozak <cko...@ckozak.net 
>> <mailto:cko...@ckozak.net>> wrote:
>> 
>> +1
>> 
>> $ mvn -version
>> Apache Maven 3.8.4 (9b656c72d54e5bacbed989b64718c159fe39b537)
>> Maven home: /opt/homebrew/Cellar/maven/3.8.4/libexec
>> Java version: 1.8.0_312, vendor: Azul Systems, Inc., runtime: 
>> /Users/ckozak/.tools/jdk/zulu8.58.0.13-ca-jdk8.0.312-macosx_aarch64/zulu-8.jdk/Contents/Home/jre
>> Default locale: en_US, platform encoding: UTF-8
>> OS name: "mac os x", version: "12.1", arch: "aarch64", family: "mac"
>> 
>> build/tests/rat look good
>> 
>> -ck
>> 
>> On Tue, Dec 28, 2021, at 20:59, Matt Sicker wrote:
>>> This is a vote to release Log4j 2.3.2, a security release for Java 6 users.
>>> 
>>> Please download, test, and cast your votes on the log4j developers list.
>>> [] +1, release the artifacts
>>> [] -1, don't release because…
>>> 
>>> The vote will remain open for as short amount as time as required to vet 
>>> the release. All votes are welcome and we encourage everyone to test the 
>>> release, but only Logging PMC votes are “officially” counted. As always, at 
>>> least 3 +1 votes and more positive than negative votes are required.
>>> 
>>> Changes in this version include:
>>> 
>>> Fixed Bugs
>>> 
>>> Fixed Bugs:
>>> o LOG4J2-3293:  JDBC Appender should use JNDI Manager and JNDI access 
>>> should be limited.
>>>        Backport fix for CVE-2021-44832.
>>> o LOG4J2-2819:  Add support for specifying an SSL configuration for 
>>> SmtpAppender.
>>>        Backport fix for CVE-2020-9488 to allow SSL/TLS hostname 
>>> verification.
>>> 
>>> Tag: 
>>> a)  for a new copy do "git clone 
>>> https://github.com/apache/logging-log4j2.git 
>>> <https://github.com/apache/logging-log4j2.git> 
>>> <https://github.com/apache/logging-log4j2.git 
>>> <https://github.com/apache/logging-log4j2.git>>" and then "git checkout 
>>> tags/log4j-2.3.2-rc1”  or just "git clone -b log4j-2.3.2-rc1 
>>> https://github.com/apache/logging-log4j2.git 
>>> <https://github.com/apache/logging-log4j2.git> 
>>> <https://github.com/apache/logging-log4j2.git 
>>> <https://github.com/apache/logging-log4j2.git>>"
>>> b) for an existing working copy to “git pull” and then “git checkout 
>>> tags/log4j-2.3.2-rc1”
>>> 
>>> Web Site: [none published yet; need someone to stage a generated site]
>>> 
>>> Maven Artifacts: 
>>> https://repository.apache.org/content/repositories/orgapachelogging-1081/ 
>>> <https://repository.apache.org/content/repositories/orgapachelogging-1081/>
>>> 
>>> Distribution archives: 
>>> https://dist.apache.org/repos/dist/dev/logging/log4j/ 
>>> <https://dist.apache.org/repos/dist/dev/logging/log4j/> 
>>> <https://dist.apache.org/repos/dist/dev/logging/log4j/ 
>>> <https://dist.apache.org/repos/dist/dev/logging/log4j/>> 
>>> 
>>> You may download all the Maven artifacts by executing:
>>> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate 
>>> https://repository.apache.org/content/repositories/orgapachelogging-1081/org/apache/logging/log4j/
>>>  
>>> <https://repository.apache.org/content/repositories/orgapachelogging-1081/org/apache/logging/log4j/>
>>> 
>>> --
>>> Matt Sicker
> 

Reply via email to